Cloud vs. NAS: Where is my Data More Secure?
Today, we would like to conduct a speculative experiment by comparing data with money. In this scenario, the bank equals cloud storage. The money sock under the pillow will be the Network Attached Storage (NAS) in our example. Our aim is to make clear: It is decisive where (and how) data is stored. Therefore, we make the comparison: Cloud vs. NAS.
Data has become a universal good by now – just like a currency. For example, I can exchange my data about my purchasing habits for a special discount in the supermarket. Or, I can only use a service for free that shows me personalized advertisement after a registration in return. This only works because I can be put into different categories because of the data collected about me.
In smaller amounts, I can definitely carry around my money. But as soon as it becomes more, I give it to an expert who will take care of it on my behalf. The bank manages it, deals with my cash flow and makes sure that my finances are regulated in accordance with the applicable legislation.
Data can be seen in the same way. In most cases, it is also better taken care of in the hands of experts. Not I myself but a cloud storage provider will take care of the up-to-dateness of the soft- and hardware as well as of the correct and safe configuration.
Safe Data Management With a NAS Requires Know-how – The Cloud Can be Used by Anyone
Of course, it feels good to throw a bunch of 1,000€ notes into a corner and roll around in the pile of money. However, it is not safe. It should be obvious to anyone that this money should be brought to the bank as soon as possible.
Same goes for the data that individuals create, manage, and use as a basis of their daily lives. Of course, you can safe your family pictures on your private computer (or NAS) in the living room. However, in case of a burglary, fire, or hard disk error, the data will be irretrievably lost. By the way, it does not necessarily have to be an external cause that destroys the data. Simple ignorance could have serious consequences, too. Whoever decides to setup an own network attached storage (NAS), should know exactly what he or she is doing. But at least, he or she should check if the network drive allows anonymous access. In our team, we still remember with horror the 190,000 open hard disks that a student could find and access with a simple crawler, in 2015.
A current example are network-drives from the WesternDigital "My Cloud" series. As recently emerged, this series is facing several security flaws, which enable a malicious attack from the distance. The recommendation for "MyCloud" NAS devices is to immediately update the firmware to v.2.30.172 or to disconnect the storage from the internet. For a full reporting on the issue by Bleeding Computer, click here.
Cloud vs. NAS: The Perceived Loss of Control is Just a Perceived One
The bank for data is a safely encrypted cloud. This cloud is practically a virtual storage location managed physically by a highly specialised provider - teams of experts constantly deal with physical data protection, backups and availability. An individual, self-declared computer expert with a NAS cannot provide this (even when he puts all his efforts into it).
Yes, it feels great to sit on a mountain of banknotes. However, if you want to go the safe way, you should let an expert manage your data, instead of hoarding it locally.
In this case, the expert would be the provider of the servers that contain the cloud data. The most known cloud storage providers, for example, are Dropbox, Google Drive and OneDrive. These providers give their users information about data-backups and security. Thus, you can make sure that your data is protected against any kind of physical accidents and attacks.
Move Only Encrypted Data into the Cloud
It is crucial that the data is already encrypted when it enters the cloud. In this scenario, only the one who holds the keys can access the data and the data is unusable for outsiders. The character strings that are left after encryption do not have any informative value without the appropriate key. I tested this for you:
Screenshot of a Boxcryptor encrypted file, opened without the key.
Only with the appropriate key, or in our case, access to the appropriate Boxcryptor-account and -password, you can access, decrypt and use the data.
End-to-end Encryption with Zero Knowledge Standard
The storage of the idle data (equal to the cash stored in a safe or at home) is not the only factor that has to be considered when it comes to data security. The transfer from the computer to the cloud has to be protected and it should be ensured that the bank itself cannot access the data and use it for its own purposes.
To stay with the example of money and the bank: end-to-end encryption corresponds to a protected cash transport. You put your cash into a small safe and carry this safe to the bank. The bank puts the small safe into its big safe and thus, it does not have access to the banknotes and coins.
In the case of data, the end-to-end encryption refers to secure file transfer, meaning the trip of the data packages through the fibre optic cable. The data packages will be separated, encrypted and send out individually. Only at the destination the data will be made readable again – provided that the recipient posses the right key for decrypting the data.
Why „I have nothing to hide“ is not a logical Argument
So far so good. However, some readers will surely ask: Why it is so important to encrypt the family pictures, the job references and their location data? Mainly people ask this, because they consider themselves as being “not that interesting”.
This is nonsense. Every real, existing person including his or her personal data is valuable. You do not have to be an opponent of a regime, a busty girl or a politician to be interesting. Your private data is valuable and could be used for fraud, identity theft, as well as for hackers who infect computers in order to run a damaged-network.
Private pictures are not only interesting when showing the breasts of a celebrity. Photos of your children or nieces at the beach should neither fall into the wrong hands – for protecting their privacy. The same applies for the novel you are currently writing on, for your correspondence with opponents of the regime in countries with doubtful democratic standards, for the research results of your student groups, for your wedding guest list or for the testament.
The list of examples describing the abusive use of personal data is endless. Every individual should ensure that he or she will not become an example of data abuse. Encryption is important for everyone – even for "boring" private individuals.
Do you already use a cloud? Then it’s about time you encrypt it.
It does not matter if you are using Dropbox, Google Drive, OneDrive or a more unknown cloud. Boxcryptor supports most of the available cloud storage providers and adds end-to-end encryption with zero-knowledge-standard. Why not give it a try and start protecting your data today. It is free for one cloud on two devices.